Skip to content

Commit

Permalink
Update axios version to address vulnerability
Browse files Browse the repository at this point in the history 
Addresses vulnerability:

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
  • Loading branch information
@michaelpnelson
michaelpnelson committed Dec 12, 2023
1 parent 1927e00 commit bae821a
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 4 deletions.
57 changes: 53 additions & 4 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
},
"overrides": {
"async": "~2.6.4",
"axios": ">=1.6.0",
"engine.io": ">=6.4.2",
"getobject": ">=1.0.0",
"shelljs": ">=0.8.5",
Expand Down

0 comments on commit bae821a

Please sign in to comment.